SSH Newbie Questions: SSH and NFS-exported user homes



Hi Fellow Users,

As a newbie for SSH, I have the following two questions that I can't
seem to find answers anywhere so far.

1. Using ssh in an environment where user home directory is
   NFS-mounted universally.

For example, I am trying to ssh from HostC (client) to HostS (server).
My home folder, /user/user1, is NFS-mounted to both HostC and HostS
(possibly from yet another server). Therefore, my private keys are
already present on the server also (in addition to the client).

In this scenario, is secure connection pointless (can't be made
secure)? Or are there things one can try to make intelligent use of
SSH in it? Is this not a commonly encountered situation out there, as
I don't see any mention of such a case?

For background, we had a set of desktops and a set of servers (for
interactive work and running long batch programs). With the old rsh,
we made it such that any user can easily remote login from his own
desktop to another desktop or one of the servers at will, without
passwords (using .rhosts settings). It may not be the most secure way
but it's hard to beat for convenience. Just wonder if similar setup is
possible with SSH.

2. No password login using SSH (in the above-mentioned environment)

Whether flawed or not, I have installed OpenSSH and set up an account
with password-less login (i.e., I copied id_rsa.pub to authorized_keys
in ~/.ssh). This seems to work ok. But the trouble is, for another
account, the same method won't work! To the best of my knowledge I set
up the second account the same way, but it fails (requires password),
and I can't figure out what's the difference between the two. I know
one account belongs to more unix groups than the other but I can't
imagine any reason this might affect SSH.

Another related point is: can password-less login work in the
universal user home environment (as described above)? Or is SSH solely
for single client-based setup, i.e., the initial can only be from the
one client host where you create the keys? Does anyone know any docs
that explain this aspect?

I would appreciate any comments or pointers regarding these as I can't
seem to figure it out.

Thanks,
Tony
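
Added example, not part of Tony's post: with sshd's StrictModes option on (the OpenSSH default), a group- or world-writable home directory, ~/.ssh or authorized_keys, or one not owned by the account or root, makes sshd refuse the key file and fall back to a password prompt, which is one condition that produces the symptom in question 2. The function name check_ssh_modes is hypothetical; it only inspects modes and ownership and changes nothing.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed check for the
# ownership and mode conditions sshd enforces when StrictModes is enabled.

# check_ssh_modes HOME [UID]
# Prints one line per problem found; returns 0 if clean, 1 otherwise.
# UID defaults to the uid of the user running the check.
check_ssh_modes() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING    $p"; rc=1; continue
        fi
        # Group- or world-writable: sshd will not trust the key file.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE   $p"; rc=1
        fi
        # The owner must be the account itself or root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$uid" ! -user 0 -print)" ]; then
            echo "BADOWNER   $p"; rc=1
        fi
    done
    return $rc
}

# Usage for the account in the post: check_ssh_modes /user/user1
```

Run it once for the working account and once for the failing one and compare the output; a WRITABLE line is cleared by removing group and other write permission from that path.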
